CVE-2020-9112Improper Privilege Management in Huawei Taurus-an00b Firmware

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 93.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Taurus-an00b Firmware
Timeline
PublishedOct 19
Latest updateMay 24

Description

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/taurus-an00b_firmware< 10.1.0.156\(c00e155r7p2\)
CVEListV5huawei/taurus-an00b_firmwareVersions earlier than 10.1.0.156(C00E155R7P2)

🔴Vulnerability Details

3
GHSA
GHSA-xgmm-v76r-g7gj: Taurus-AN00B versions earlier than 102022-05-24
CVEList
CVE-2020-9112: Taurus-AN00B versions earlier than 102020-10-19
OSV
OpenJPEG vulnerabilities2020-09-15
CVE-2020-9112 — Improper Privilege Management in Huawei | cvebase